The invention has application in the use of self-contained portable intelligent devices which include a microprocessor for performing data processing. Such devices are presently being embodied in the form of integrated circuit cards (also known as smartcards). These smartcards are considered to be tokens and in their basic form have the appearance of a standard credit card but incorporate within them various forms of integrated circuits to allow for on-board storage and processing of data via an input-output port. Smartcards store information that may be used to identify a particular user. Such cards are intended to be inserted into host devices such as personal computers, communication devices and the like which, in concert with such cards, may provide services only to certain users as identified by the aforesaid user information stored in such cards.
A user might have a card into which is coded a representation of his identity, his signature, passwords or keys that identify him or are reserved for his use, etc. The user might insert his card into a host device such as a computer or communications terminal. The host device might then access such information from the card, and might then grant him access to data intended only for him, allow him to enter messages that recipients will believe to be only from him, enter a digital signature that will be interpreted as his, etc.
Smartcard technology has been used to establish a secure communications link over an unsecured network. U.S. Pat. No. 5,602,918, "APPLICATION LEVEL SECURITY SYSTEM AND METHOD", issued to Chen et al., involves the use of smartcard technology to send authenticatable documents over the internet. The '918 patent provides for mutual authentication of the parties to the communication upon the initial establishment of a communications channel, and the generation of a session key in order to secure the channel. The smartcard is used for all encryption functions and contains data and circuitry for encryption within the smartcard itself. Thus, conventionally, a smartcard (and its accompanying encryption circuitry) resides outside, and separate from, a telecommunications security module.
However, smartcards, being small, are easily lost, stolen, or left unguarded, thereby permitting temporary unauthorized use or duplication. If an unauthorized party inserts the card or a copy of the card into a host device, the host device will read the security parameters from the card just as if the authorized holder of the card had inserted it. Such unauthorized party will thus gain access to services and privileges intended only for the authorized holder of the card; system security may thus be severely compromised. Thus, an important consideration with respect to the use of portable self-contained smartcards for performing transactions between a service user and a service provider is the ability to secure data storage within these devices as well as the ability to secure the transmission of this data to and from these devices.
Another disadvantage of smartcards is that they increase the physical size and cost of the device in which they are to be inserted, because the card reader electronics and the physical slot in which the user inserts the card must be included within the device.
Other means for securing data, especially with respect to data transmission, rely upon the use of secret cipher keys to encrypt the data. These keys have to be stored securely and used securely, otherwise the data transmission is not secure. In other words, encryption methods typically rely on secret keys known only to authorized users of the protected data. In the widely used Data Encryption Standard (DES) developed and promulgated by the National Bureau of Standards, data is enciphered in 64-bit blocks using a single 56-bit key, as described in National Bureau of Standards.degree. Federal Information Processing Standards Publication 46, "Data Encryption Standard," National Bureau of Standards (1977). Encryption techniques using two keys, one for encrypting the data and a different key for decryption, are called "public key" systems because the encryption key can be made public so that anyone can use the public key to encrypt sensitive data, but only a recipient with the secret key can decrypt it. One widely used and highly effective public key algorithm known as the "RSA" system, named after the inventors Rivest, Shamir and Adelman, is described in U.S. Pat. No. 4,405,829, issued to Rivest et al.
When a sensitive transmission is transmitted over an unsecured network, not only must the sender ensure that the transmission cannot be accessed by unauthorized parties, but the recipient is often faced with the challenge of verifying that a received transmission has not been tampered with, and that the purported sender is the actual originator of the transmission.
Current digital signature generating and file encryption methods, including DES and private/public key cryptosystems, provide adequate protection if both parties have the capability of generating the necessary keys. However, because the protection provided by a key is generally a function of the relative computing power between the key generator and those attempting to defeat the key, and because key generation technology often cannot be exported, key generation is best left to agencies known as "key servers," having the capability both of generating and protecting the keys thus generated.
A weakness of any system which relies on key servers lies in the initial establishment of communications between the parties to the communication and the key server. The same problems noted above, involving authentication of the parties to a communication, are also present in communications between the respective parties to a communication and the agency which provides encryption services to those parties, even though the key server might possess its own secured network. Also, once the parties to the communication are authenticated, there remains the problem of key distribution. Distribution of keys over the public network is obviously the most convenient method of key distribution, but such electronic transfer is generally less secure than distribution of keys by means other than electronic transfer or by means of a completely secured network line.
The security of both single-key and public-key encryption systems depends on the user's ability to keep the key or keys secret. Although both the DES and RSA encryption algorithms themselves can be depended upon to provide adequate security, neither system can safeguard data if the keys can be learned. The management of the keys themselves accordingly presents a difficult component of good data security system.
Although the art of encryption within transmission networks is well developed, there remain some problems inherent in this technology, particularly with respect to the use of tokens and keys. Therefore, a need exists for a security module that is tokenless and that overcomes the drawbacks of the prior art.